FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bouncycastle15 -- bcrypt password checking vulnerability

Affected packages
1.65 <= bouncycastle15 < 1.67

Details

VuXML ID: 70e71a24-0151-11ec-bf0c-080027eedc6a
Discovery: 2020-11-02
Entry: 2021-08-20

The Bouncy Castle team reports:

The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

References

CVE Name: CVE-2020-28052
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052